
Arquivado

This topic has been archived and is closed to new replies.

cris666

[Archived] I can't install an antivirus.


Hello!

I can't install an antivirus. I had Norton, but it stopped working. Could someone help me?

I only managed to download "McAfee site advisor"...

Besides that, sometimes a blue screen appears with some information written on it. But its content changes; one time it said a problem had occurred in the memory...

Could the virus that blocks the antivirus installation also be causing this problem?

Below is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:35:22, on 27/08/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18294)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\Owner\Desktop\imabunny.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freerice.com/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.82.115.10:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe"

O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"

O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8988 bytes

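A first triage pass over a HijackThis log like the one posted above, as an added example that is not part of this thread and not code from HijackThis, Lop S&D or OTL. The heuristics and the high/medium/low scale are assumptions chosen for illustration, and the sample log is a constructed excerpt modelled on the posted log: it flags the process running from the desktop with a doubled `.exe.exe` extension, the `ProxyServer` value set under `Internet Settings`, the orphaned `(no file)` BHO entry and the service with no company name, which are the lines a helper would look at first before deciding which removal tool to run.

```python
"""Triage heuristics for a HijackThis-style log (added example, not a tool's own code)."""
import re
from dataclasses import dataclass

# Item lines in the log start with a section code such as R0/R1, O2, O4 or O23.
ITEM_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    code: str      # log section the line came from ("PROC" for the process list)
    severity: str  # "high", "medium" or "low" (assumed scale for this example)
    reason: str
    line: str


def _check_process(path):
    """Flag running-process paths that a reviewer would look at first."""
    lower = path.lower()
    name = lower.rsplit("\\", 1)[-1]
    # A doubled extension such as "imabunny.exe.exe" is a common disguise for a dropped binary.
    if re.search(r"\.(exe|scr|com|bat|pif)\.(exe|scr|com|bat|pif)$", name):
        return Finding("PROC", "high", "double file extension", path)
    # Executables running from user-writable folders (Desktop, Temp) deserve a second look.
    if re.search(r"\\users\\[^\\]+\\(desktop|appdata\\local\\temp)\\", lower):
        return Finding("PROC", "medium", "executable running from a user-writable folder", path)
    return None


def _check_item(code, body):
    """Apply per-section heuristics to one R*/O* item line."""
    b = body.lower()
    if code == "R1" and "proxyserver" in b and "=" in body:
        value = body.split("=", 1)[1].strip()
        if value:  # a configured system proxy can silently redirect all browser traffic
            return Finding(code, "medium", f"system proxy configured ({value})", body)
    if code in ("O2", "O3") and b.endswith("(no file)"):
        return Finding(code, "low", "orphaned entry pointing at a missing file", body)
    if code == "O4" and re.search(r"\\users\\[^\\]+\\(desktop|appdata)", b):
        return Finding(code, "medium", "autostart from a user profile folder", body)
    if code == "O23" and "unknown owner" in b:
        return Finding(code, "low", "service without a company name", body)
    return None


def triage(log_text):
    """Return the list of findings for a whole log, in log order."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = ITEM_RE.match(line)
        if m:
            in_processes = False  # the first item line ends the process list
            f = _check_item(m.group("code"), m.group("body"))
        elif in_processes:
            f = _check_process(line)
        else:
            f = None
        if f:
            findings.append(f)
    return findings


# Constructed excerpt modelled on the log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\Owner\Desktop\imabunny.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.82.115.10:80
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe"
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.code:<4} {f.reason}: {f.line}")
```

The script only ranks lines for a human reviewer; it deletes nothing. Orphaned `(no file)` entries are usually harmless leftovers from uninstalled software, which is why they sit at the bottom of the scale, while a proxy value that the user did not set themselves is worth confirming before anything else.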

Good afternoon, cris666!

<@> Download: < Norton Removal Tool >

<@> Run this tool to remove the leftovers of Norton.

<><><><><><><><><><>

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click on: LopSD.cmd

<@> In the window that opens, press "p" --> Press Enter.

[screenshot: Lop_Choix-large.jpg]

<@> In the other window, choose the option: 2 - Fix + Hosts --> Press Enter --> Wait!

[screenshot: Lop_Lang_en-large.jpg]

<@> PS: Pay attention to your antivirus notifications, sending the detected files to quarantine.

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<><><><><><><><><><>

<@> Download: < FindyKill > ( ...by Chiquitine29 )

<@> Save it in Program Files!

<@> Close any open programs.

<@> Disable the resident protection of your antivirus and antispyware.

<@> PS: Detection of this tool by antivirus is a false positive!

<@> Install the tool and accept all the requested conditions.

<@> When done, run the tool with a double-click on: C:\Arquivos de Programas\FindyKill\FindyKill.bat

<@> At the prompt, press P. --> Enter. <-- Language option!

<@> Next, press 2. ( "Eliminar los ficheros infectados" )

<@> Press Enter --> The computer will restart twice! --> Wait!

<@> When finished, click on an empty area of the prompt! --> Press Enter.

<@> Notepad will open with the report: C:\FindyKill.txt <-- Report!

<><><><><><><><><><>

<@> Download: < DDS > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.

<@> While disconnected, run the tool! --> Double-click on icon.jpg.

<@> Wait for the scan to finish, until we get the report. ( DDS.txt ) <--

<@> A new window will also appear: "D.D.S - Optional_Scan" --> Click Yes.

<@> Notepad will open with another report. ( Attach.txt ) <--

<@> PS: If the report is unreadable, rename the executable to DDS.exe and repeat the scan.

<@> Finally, another window will open! --> Click OK.

<@> Save the reports: DDS.txt + Attach.txt <-- Post them!

Cheers!


Hello! Thank you very much for your reply!!!

I removed the Norton leftovers. And everything went fine with LopS&D (I'll put the report here). However, I couldn't install FindyKill in the "Program Files" area; a message appeared saying that I would need the administrator's authorization (although the user I'm using is the PC's administrator), so I decided to save it in c:\users\owner. When I finished running it, the PC only restarted once, and neither the prompt nor a report with the name you mentioned appeared.

Besides that, I had to restart the PC manually, because a message appeared saying there was a problem with the "Bios memory".

I installed DDS on the desktop, but this message appears: Some installation files are corrupt. Please download a fresh copy and retry the installation.

Thank you very much for helping me!!!


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T5550 @ 1.83GHz )

BIOS : Ver 1.00PARTTBL8

USER : Owner ( Administrator )

BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:221 Go (Free:157 Go)

D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)

E:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 28/08/2009|21:32 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

 

Deleted! - C:\Program Files\Orbitdownloader\addons

Deleted! - C:\Program Files\Orbitdownloader\banurl.ini

Deleted! - C:\Program Files\Orbitdownloader\changelog.txt

Failed ! - C:\Program Files\Orbitdownloader\download.dll

Deleted! - C:\Program Files\Orbitdownloader\Grab.exe

Deleted! - C:\Program Files\Orbitdownloader\GrabDll.dll

Deleted! - C:\Program Files\Orbitdownloader\GrabKernel.dll

Deleted! - C:\Program Files\Orbitdownloader\GrabPro.dll

Failed ! - C:\Program Files\Orbitdownloader\idht.dll

Deleted! - C:\Program Files\Orbitdownloader\Lang.ini

Deleted! - C:\Program Files\Orbitdownloader\language

Deleted! - C:\Program Files\Orbitdownloader\libeay32.dll

Deleted! - C:\Program Files\Orbitdownloader\magic.mgc

Deleted! - C:\Program Files\Orbitdownloader\orbitcth.dll

Deleted! - C:\Program Files\Orbitdownloader\orbitdm.exe

Deleted! - C:\Program Files\Orbitdownloader\orbitmxt.dll

Deleted! - C:\Program Files\Orbitdownloader\orbitnet.exe

Deleted! - C:\Program Files\Orbitdownloader\saction.dll

Deleted! - C:\Program Files\Orbitdownloader\siteinfo.ini

Deleted! - C:\Program Files\Orbitdownloader\ssleay32.dll

Deleted! - C:\Program Files\Orbitdownloader\unins000.dat

Deleted! - C:\Program Files\Orbitdownloader\unins000.exe

Deleted! - C:\Program Files\Orbitdownloader\update

Deleted! - C:\Program Files\Orbitdownloader\winfile.dll

Deleted! - C:\Program Files\Orbitdownloader

-

[ Hosts file ] .. Restored!

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

Deleted! - C:\Program Files\Viewpoint

Deleted! - C:\PROGRA~2\Viewpoint

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing folders in Local

 

[27/08/2009|22:27] C:\Users\Owner\AppData\Local\Adobe

[26/07/2008|20:03] C:\Users\Owner\AppData\Local\Application Data

[26/07/2008|20:13] C:\Users\Owner\AppData\Local\AtStart.txt

[28/08/2009|20:06] C:\Users\Owner\AppData\Local\d3d9caps.dat

[22/08/2009|21:11] C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[26/07/2008|20:10] C:\Users\Owner\AppData\Local\Downloaded Installations

[26/07/2008|20:13] C:\Users\Owner\AppData\Local\DSwitch.txt

[10/03/2009|13:26] C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT

[06/06/2009|14:45] C:\Users\Owner\AppData\Local\Google

[25/08/2008|19:33] C:\Users\Owner\AppData\Local\Hewlett-Packard

[26/07/2008|20:03] C:\Users\Owner\AppData\Local\History

[01/01/2009|21:05] C:\Users\Owner\AppData\Local\HP

[27/08/2009|23:52] C:\Users\Owner\AppData\Local\IconCache.db

[01/01/2009|21:10] C:\Users\Owner\AppData\Local\Microsoft

[23/08/2008|16:46] C:\Users\Owner\AppData\Local\Microsoft Games

[08/01/2009|13:51] C:\Users\Owner\AppData\Local\Microsoft Help

[26/07/2008|20:13] C:\Users\Owner\AppData\Local\QSwitch.txt

[08/01/2009|13:51] C:\Users\Owner\AppData\Local\QuickPlay

[28/12/2008|22:49] C:\Users\Owner\AppData\Local\Seven Zip

[28/08/2009|21:33] C:\Users\Owner\AppData\Local\Temp

[26/07/2008|20:03] C:\Users\Owner\AppData\Local\Temporary Internet Files

[08/09/2008|15:51] C:\Users\Owner\AppData\Local\VirtualStore

[19/08/2009|13:58] C:\Users\Owner\AppData\Local\Zylom Games

 

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

 

[28/08/2009 20:08][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{BD821E18-E4F7-4738-9E37-983FA78A6579}.job

[28/08/2009 21:12][--ah-----] C:\Windows\tasks\SA.DAT

[27/08/2009 23:52][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Listing Folders in C:\ProgramData

 

[23/03/2009|17:07] C:\ProgramData\Adobe

[29/08/2008|22:07] C:\ProgramData\AOL

[24/08/2008|12:18] C:\ProgramData\AOL OCP

[02/11/2006|10:02] C:\ProgramData\Application Data

[27/06/2009|13:08] C:\ProgramData\Babylon

[23/10/2008|18:24] C:\ProgramData\CyberLink

[02/11/2006|10:02] C:\ProgramData\Desktop

[02/11/2006|10:02] C:\ProgramData\Documents

[20/06/2009|18:25] C:\ProgramData\Electronic Arts

[17/01/2009|20:41] C:\ProgramData\eMule

[02/11/2006|10:02] C:\ProgramData\Favorites

[22/04/2009|19:44] C:\ProgramData\GoBit Games

[06/06/2009|15:28] C:\ProgramData\Google

[07/01/2009|10:13] C:\ProgramData\Hewlett-Packard

[07/01/2009|10:16] C:\ProgramData\HP

[07/01/2009|10:09] C:\ProgramData\HPSSUPPLY

[08/01/2009|12:45] C:\ProgramData\hpzinstall.log

[22/08/2009|21:52] C:\ProgramData\McAfee

[16/03/2009|20:00] C:\ProgramData\Microsoft

[13/08/2009|20:01] C:\ProgramData\Microsoft Help

[23/02/2008|06:42] C:\ProgramData\muvee Technologies

[28/08/2009|21:22] C:\ProgramData\NortonInstaller

[11/07/2009|22:50] C:\ProgramData\NOS

[19/01/2009|14:27] C:\ProgramData\SimCity Societies

[22/08/2009|21:53] C:\ProgramData\SiteAdvisor

[02/11/2006|10:02] C:\ProgramData\Start Menu

[28/08/2009|21:23] C:\ProgramData\Symantec

[02/11/2006|10:02] C:\ProgramData\Templates

[07/01/2009|10:21] C:\ProgramData\WEBREG

[21/12/2008|15:49] C:\ProgramData\WildTangent

[14/01/2009|20:26] C:\ProgramData\WindowsSearch

[02/08/2008|09:38] C:\ProgramData\WLInstaller

 

--------------------\\ Listing Folders in C:\Program Files

 

[23/03/2009|17:08] C:\Program Files\Adobe

[27/06/2008|04:32] C:\Program Files\Apoint2K

[23/02/2008|07:13] C:\Program Files\AWS

[22/08/2009|21:52] C:\Program Files\Common Files

[27/06/2008|04:34] C:\Program Files\CONEXANT

[27/06/2008|04:47] C:\Program Files\CyberLink

[20/06/2009|15:05] C:\Program Files\EA GAMES

[23/02/2008|07:12] C:\Program Files\earthlink totalaccess

[22/08/2009|16:02] C:\Program Files\Electronic Arts

[17/01/2009|20:40] C:\Program Files\eMule

[22/08/2009|13:24] C:\Program Files\Foxit Software

[06/06/2009|15:28] C:\Program Files\Google

[27/06/2008|04:45] C:\Program Files\Hewlett-Packard

[07/01/2009|10:09] C:\Program Files\HP

[27/06/2008|04:50] C:\Program Files\HP Games

[26/07/2008|20:05] C:\Program Files\HPQ

[14/07/2009|13:08] C:\Program Files\InstallShield Installation Information

[27/06/2008|04:35] C:\Program Files\Intel

[29/07/2009|13:33] C:\Program Files\Internet Explorer

[27/08/2009|15:01] C:\Program Files\Java

[08/01/2009|14:00] C:\Program Files\LimeWire

[27/06/2008|04:35] C:\Program Files\Marvell

[23/08/2009|13:10] C:\Program Files\McAfee

[02/11/2006|09:37] C:\Program Files\Microsoft Games

[23/02/2008|06:54] C:\Program Files\Microsoft Office

[11/06/2009|12:23] C:\Program Files\Microsoft Works

[20/06/2009|18:24] C:\Program Files\Microsoft WSE

[23/02/2008|06:54] C:\Program Files\Microsoft.NET

[20/01/2008|23:35] C:\Program Files\Movie Maker

[02/11/2006|09:37] C:\Program Files\MSBuild

[29/07/2008|13:45] C:\Program Files\MSXML 4.0

[23/02/2008|06:42] C:\Program Files\muvee Technologies

[27/06/2008|04:33] C:\Program Files\NetWaiting

[11/07/2009|22:50] C:\Program Files\NOS

[08/01/2009|13:51] C:\Program Files\Online Services

[27/08/2009|20:23] C:\Program Files\Panda Security

[08/09/2008|15:49] C:\Program Files\PlotSoft

[02/11/2006|09:37] C:\Program Files\Reference Assemblies

[23/02/2008|06:57] C:\Program Files\Sling Media

[02/11/2006|10:01] C:\Program Files\Uninstall Information

[14/09/2008|12:19] C:\Program Files\uTorrent

[11/12/2008|21:21] C:\Program Files\VideoLAN

[20/01/2008|23:35] C:\Program Files\Windows Calendar

[20/01/2008|23:35] C:\Program Files\Windows Collaboration

[20/01/2008|23:35] C:\Program Files\Windows Defender

[20/01/2008|23:35] C:\Program Files\Windows Journal

[02/08/2008|09:57] C:\Program Files\Windows Live

[12/08/2009|12:36] C:\Program Files\Windows Mail

[12/08/2009|13:37] C:\Program Files\Windows Media Player

[02/11/2006|09:37] C:\Program Files\Windows NT

[20/01/2008|23:35] C:\Program Files\Windows Photo Gallery

[20/01/2008|23:35] C:\Program Files\Windows Sidebar

[29/06/2009|18:45] C:\Program Files\WinRAR

[27/06/2008|04:30] C:\Program Files\WinTV

[18/04/2009|15:31] C:\Program Files\XMedia Recode

[26/07/2008|20:24] C:\Program Files\Yahoo!

 

--------------------\\ Listing Folders in C:\Program Files\Common Files

 

[23/03/2009|17:07] C:\Program Files\Common Files\Adobe

[06/03/2009|11:46] C:\Program Files\Common Files\DESIGNER

[07/01/2009|10:04] C:\Program Files\Common Files\Hewlett-Packard

[23/02/2008|06:58] C:\Program Files\Common Files\HP

[11/12/2008|21:00] C:\Program Files\Common Files\Hypnotizer

[23/02/2008|07:00] C:\Program Files\Common Files\InstallShield

[23/02/2008|07:24] C:\Program Files\Common Files\Java

[26/07/2008|20:05] C:\Program Files\Common Files\LightScribe

[22/08/2009|21:52] C:\Program Files\Common Files\McAfee

[06/03/2009|11:46] C:\Program Files\Common Files\microsoft shared

[23/02/2008|06:42] C:\Program Files\Common Files\muvee Technologies

[02/11/2006|08:18] C:\Program Files\Common Files\Services

[02/11/2006|08:18] C:\Program Files\Common Files\SpeechEngines

[28/08/2009|21:23] C:\Program Files\Common Files\Symantec Shared

[20/01/2008|23:35] C:\Program Files\Common Files\System

[02/08/2008|09:44] C:\Program Files\Common Files\WindowsLiveInstaller

 

--------------------\\ Process

 

( 68 Processes )

 

... OK !

 

--------------------\\ Searching with S_Lop

 

No Lop folder found !

 

--------------------\\ Searching for Lop Files - Folders

 

No Lop folder found !

 

--------------------\\ Searching within the Registry

 

..... OK !

 

--------------------\\ Checking the Hosts file

 

Hosts file CLEAN

 

 

--------------------\\ Searching for hidden files with Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-28 21:33:14

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 3

 

--------------------\\ Searching for other infections

 

--------------------\\ Cracks & Keygens ..

 

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JZHJEJ02\the-sims-3-crack-keygen-only-reloaded[1].htm

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent\crack the sims 3 ita [CrackNoCD].lnk

 

 

[F:34][D:5]-> C:\Users\Owner\AppData\Local\Temp

[F:2324][D:1]-> C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\Cookies

[F:2501][D:12]-> C:\Users\Owner\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[F:7][D:4]-> C:\$Recycle.Bin

 

1 - "C:\Lop SD\LopR_1.txt" - 28/08/2009|21:36 - Option : [2]

 

--------------------\\ Scan completed at 21:36:34


Good morning, cris666!

<@> Download: < OTL > ( ...by OldTimer Tools )

<@> Save it to the desktop!

[screenshot: OTLI-scan.png]

<@> As in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Click on: < Run Scan > --> Wait!

<@> Post:

<1> OTL.txt <--

<2> Extra.txt <--

Cheers!


Hello, DigRam! Good morning!

Here it is:

 

OTL logfile created on: 29/08/2009 11:34:05 - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Owner\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 95,70% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 221,20 Gb Total Space | 157,60 Gb Free Space | 71,25% Space Free | Partition Type: NTFS

Drive D: | 11,68 Gb Total Space | 2,00 Gb Free Space | 17,12% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: OWNER-PC

Current User Name: Owner

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()

PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()

PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()

PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)

PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)

PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)

PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)

PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)

PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe (Hewlett-Packard Co.)

PRC - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)

 

========== Win32 Services (SafeList) ==========

 

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (Com4Qlb [On_Demand | Stopped]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)

SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)

SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)

SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (idsvc [unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (QPCapSvc [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()

SRV - (QPSched [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()

SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()

SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

 

========== Driver Services (SafeList) ==========

 

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)

DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BVRPMPR5 [On_Demand | Stopped]) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (CnxtHdAudService [On_Demand | Running]) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)

DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)

DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (HpqKbFiltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (HpqRemHid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)

DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (iaStor [boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)

DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel Corporation)

DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)

DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (NVENETFD [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\nvm60x32.sys (NVIDIA Corporation)

DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (pavboot [boot | Running]) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)

DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)

DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)

DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freerice.com/index.php

IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\S-1-5-21-242662230-3875772334-1554595176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\S-1-5-21-242662230-3875772334-1554595176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 139.82.115.10:80

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/26 22:34:03 | 00,000,000 | ---D | M]

 

 

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll File not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)

O4 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll File not found

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll File not found

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll File not found

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Reg Error: Value error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O30 - LSA: Authentication Packages - (ows\S) - File not found

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/02/23 06:42:35 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 12:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2009/08/29 11:32:56 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2009/08/28 22:26:27 | 00,359,932 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr

[2009/08/28 22:15:45 | 00,001,412 | ---- | C] () -- C:\Users\Owner\Desktop\FindyKill.lnk

[2009/08/28 22:15:41 | 00,000,000 | ---D | C] -- C:\FindyKill

[2009/08/28 22:14:22 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2009/08/28 22:14:22 | 00,000,000 | RHS- | C] () -- C:\IO.SYS

[2009/08/28 21:49:31 | 00,000,000 | ---D | C] -- C:\Program Files\FindyKill

[2009/08/28 21:26:16 | 00,000,000 | ---D | C] -- C:\Lop SD

[2009/08/27 23:01:57 | 00,000,610 | ---- | C] () -- C:\Users\Owner\Desktop\UnHookExec.inf

[2009/08/27 22:13:00 | 32,090,56256 | -HS- | C] () -- C:\hiberfil.sys

[2009/08/27 22:02:40 | 00,000,134 | ---- | C] () -- C:\Users\Owner\Desktop\System - Shortcut.lnk

[2009/08/27 21:39:00 | 00,001,682 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk

[2009/08/27 20:23:09 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys

[2009/08/27 17:43:11 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe

[2009/08/27 15:01:16 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/08/27 15:01:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/08/27 15:01:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/08/26 12:45:51 | 00,848,656 | ---- | C] (AVG Technologies) -- C:\Users\Owner\Desktop\hdjshn.exe

[2009/08/26 10:05:50 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2009/08/25 21:23:40 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2009/08/25 21:23:40 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2009/08/23 16:18:28 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\imabunny.exe.exe

[2009/08/23 16:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2009/08/22 21:52:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee

[2009/08/22 21:52:32 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee

[2009/08/22 13:24:58 | 00,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk

[2009/08/22 13:24:58 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Foxit

[2009/08/22 13:24:58 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software

[2009/08/21 23:23:51 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll

[2009/08/21 23:23:51 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll

[2009/08/21 23:23:51 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll

[2009/08/21 23:23:51 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll

[2009/08/21 23:23:51 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll

[2009/08/21 23:23:50 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys

[2009/08/21 23:23:50 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll

[2009/08/21 23:23:50 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe

[2009/08/20 17:38:02 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG8

[2009/08/17 22:38:48 | 00,967,680 | ---- | C] () -- C:\Users\Owner\Documents\lista_ipc_enviado_para_cristiane.xls

[2009/08/12 23:05:51 | 00,012,487 | ---- | C] () -- C:\Users\Owner\Documents\Artigos Goldin.rtf

[2009/08/12 20:08:35 | 00,320,675 | ---- | C] () -- C:\Users\Owner\Documents\Grad_-_92_-_alterado.JPG

[2009/08/11 22:55:41 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll

[2009/08/11 22:55:35 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll

[2009/08/11 22:53:38 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2009/08/11 19:07:51 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll

[2009/08/11 19:07:50 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll

[2009/08/11 19:07:49 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll

[2009/08/11 19:07:48 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx

[2009/08/11 19:07:48 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll

[2009/08/11 19:07:46 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2009/08/11 19:07:46 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb

[2009/08/11 19:07:46 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb

[2009/08/11 19:01:51 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll

[2009/08/06 21:25:36 | 00,248,320 | ---- | C] () -- C:\Users\Owner\Documents\lista ipc.xls

[2009/08/04 20:58:00 | 00,109,568 | ---- | C] () -- C:\Users\Owner\Documents\lista ipc(1).xls

[2008/06/27 04:29:34 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2008/06/27 04:29:34 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2008/06/27 04:29:34 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll

[2008/06/27 04:29:34 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2006/11/02 09:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 07:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2006/11/02 07:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

[2006/11/02 04:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

 

========== Files - Modified Within 30 Days ==========

 

[2009/08/29 11:32:59 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2009/08/29 11:28:51 | 00,000,521 | ---- | M] () -- C:\Users\Owner\Documents\My Sharing Folders.lnk

[2009/08/29 11:27:28 | 00,000,281 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2009/08/29 11:27:26 | 00,006,540 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2009/08/29 11:27:08 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/08/29 11:27:08 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/08/29 11:27:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/08/29 11:27:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/08/29 11:27:02 | 32,090,56256 | -HS- | M] () -- C:\hiberfil.sys

[2009/08/29 01:34:11 | 02,221,009 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db

[2009/08/28 22:40:39 | 00,359,932 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr

[2009/08/28 22:15:45 | 00,001,412 | ---- | M] () -- C:\Users\Owner\Desktop\FindyKill.lnk

[2009/08/28 22:14:22 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2009/08/28 22:14:22 | 00,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/08/28 21:57:27 | 21,497,2327 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2009/08/28 21:33:05 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2009/08/28 20:08:22 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD821E18-E4F7-4738-9E37-983FA78A6579}.job

[2009/08/27 23:01:58 | 00,000,610 | ---- | M] () -- C:\Users\Owner\Desktop\UnHookExec.inf

[2009/08/27 22:08:02 | 00,001,682 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk

[2009/08/27 22:02:40 | 00,000,134 | ---- | M] () -- C:\Users\Owner\Desktop\System - Shortcut.lnk

[2009/08/22 21:11:33 | 00,034,816 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/22 13:26:25 | 00,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk

[2009/08/18 20:16:16 | 00,967,680 | ---- | M] () -- C:\Users\Owner\Documents\lista_ipc_enviado_para_cristiane.xls

[2009/08/12 23:05:51 | 00,012,487 | ---- | M] () -- C:\Users\Owner\Documents\Artigos Goldin.rtf

[2009/08/12 20:08:56 | 00,320,675 | ---- | M] () -- C:\Users\Owner\Documents\Grad_-_92_-_alterado.JPG

[2009/08/10 12:40:30 | 00,690,760 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/08/10 12:40:30 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/08/10 12:40:30 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/08/08 17:55:07 | 00,248,320 | ---- | M] () -- C:\Users\Owner\Documents\lista ipc.xls

[2009/08/06 18:15:02 | 00,109,568 | ---- | M] () -- C:\Users\Owner\Documents\lista ipc(1).xls

< End of report >

OTL Extras logfile created on: 29/08/2009 11:34:05 - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Owner\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 95,70% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 221,20 Gb Total Space | 157,60 Gb Free Space | 71,25% Space Free | Partition Type: NTFS

Drive D: | 11,68 Gb Total Space | 2,00 Gb Free Space | 17,12% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: OWNER-PC

Current User Name: Owner

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{3018649E-A33C-4629-946D-036489690A32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4EFA2B29-6B4C-4F9D-A0DE-6107989A823F}" = lport=2869 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04820B17-7658-4344-A5B7-C41D45EF2E66}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{15C56B49-E2CD-41FE-ADD8-0261477E4F3D}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3a9f.tmp\symnrt.exe |

"{2FD82A6D-14C5-408F-9477-B4E0800774FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3233706A-074C-4F28-8665-1BC990A4551C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{413BF656-5A07-4541-924D-B47163E46F2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{46406647-2382-4C5C-87AB-5BC87D3A28CF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{664F0F79-8476-42A6-B3AF-003D3834DEC2}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{685B4C90-8C2C-4B64-AD9F-CE95CF82CEB7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{6DA9DFEA-0AB2-459C-A646-158182C75152}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{763958AC-26B0-4590-9289-896518A1C8F3}" = protocol=6 | dir=in | app=c:\program files\mediacoder\mediacoder.exe |

"{834D8F8C-8A4E-430F-9588-FDB3C06090DB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{8D404B90-DBB6-4C47-A835-44EFD4C04957}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{98370C9E-BEDD-49B0-A1ED-3A6622AA16D5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{9DA60304-9ACB-40B3-AF93-70ADA7A4B2F5}" = protocol=17 | dir=in | app=c:\program files\mediacoder\mediacoder.exe |

"{A2100764-A630-4771-8CE4-157B32414391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{ABEB31BB-FFC4-42B9-B066-09C59A411E5F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{AC7D0598-8C3D-4E24-813A-E058A514B547}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{B4BE955E-960C-4B09-90A5-C11E55463523}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{B9BD04B8-8A4E-479F-9B66-3E6E74904126}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{C3A360BA-DF3F-4BD7-A944-861C779AA41C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C7072CAC-4481-4A5E-AEAD-D402CDEF5AAB}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"{C729DE13-2C46-4681-B2FC-7BD77BFABC2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{CF346E64-6138-4C33-8090-6208B5A38FD8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{DAF86E4B-0735-47DC-A5DB-637A88C45C74}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DB39C6BB-E5FB-4D42-A784-AE1001792996}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3a9f.tmp\symnrt.exe |

"{FCE76EB6-72C7-448E-8F05-5635A203EAD5}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{3217AE1A-A3A5-4A1A-B79C-30CAECD7711C}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

"TCP Query User{514470E4-7F3C-4C1A-9319-BA62212418A6}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |

"TCP Query User{952D6452-2EDF-4CF9-8866-A8388AB64089}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

"TCP Query User{BF542637-3EDE-49CC-B755-C72537E9F425}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{4EFC07F4-ECB1-4BCA-8C76-7081C913A1FE}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

"UDP Query User{B023B166-FC17-4CDB-A212-976C40D6EF47}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |

"UDP Query User{CFD0A06B-F662-4300-B4B4-34E4C81F2F63}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{ED397CBA-705D-4CD4-BE7B-33B27E5CA5EE}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15

"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant

"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1

"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"eMule" = eMule

"FindyKill" = FindyKill

"Foxit Reader" = Foxit Reader

"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Marvell Miniport Driver" = Marvell Miniport Driver

"Orbit_is1" = Orbit Downloader

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6

"ViewpointMediaPlayer" = Viewpoint Media Player

"WildTangent hp Master Uninstall" = My HP Games

"WinRAR archiver" = WinRAR archiver

"XMedia Recode" = XMedia Recode 2.1.2.5

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

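As an added example (my own code, not from the thread or from the tool that produced the report), a small Python triage pass over the report format posted above: it walks the Security Center and Vista firewall-rule sections and flags the entries a helper would look at first. The sample report is constructed from lines in the log, and the suspect-path list is my own heuristic.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the shape of the report posted above
# (registry section headers followed by "name" = value entries).
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04820B17-7658-4344-A5B7-C41D45EF2E66}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{15C56B49-E2CD-41FE-ADD8-0261477E4F3D}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3a9f.tmp\symnrt.exe |
"{2FD82A6D-14C5-408F-9477-B4E0800774FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{514470E4-7F3C-4C1A-9319-BA62212418A6}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"""

PROTO_NAMES = {"6": "TCP", "17": "UDP"}

# Heuristic (my own, not the tool's): locations from which an inbound allow
# rule deserves a second look, because any process can write there.
SUSPECT_PATH_FRAGMENTS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
    "\\$recycle.bin\\",
)

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


@dataclass
class Finding:
    category: str   # "security-center" or "firewall"
    key: str        # registry key the entry lives under
    name: str       # value name (or firewall rule id)
    detail: str     # human-readable reason


def parse_rule(value: str) -> dict:
    """Split 'protocol=17 | dir=in | app=c:\\x.exe |' into a dict of fields."""
    fields = {}
    for part in value.split("|"):
        part = part.strip()
        if "=" in part:
            k, _, v = part.partition("=")
            fields[k.strip().lower()] = v.strip()
    return fields


def triage_report(text: str) -> list:
    """Walk the report and return a Finding for each entry worth a second look."""
    findings = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        key_lower = current_key.lower()

        # A vendor subkey under Security Center\Monitoring with DisableMonitoring=1
        # means "this vendor's product reports its own status". That is normal while
        # the product is installed; it is stale once the product is gone or broken.
        if "\\security center\\monitoring\\" in key_lower and name == "DisableMonitoring" and value == "1":
            vendor = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding("security-center", current_key, name,
                                    f"Security Center monitoring disabled for {vendor}; "
                                    "check that this product is still installed and working"))

        # Non-zero *Override values silence Security Center alerts for that component.
        elif key_lower.endswith("\\security center\\svc") and name.endswith("Override") and value != "0":
            findings.append(Finding("security-center", current_key, name,
                                    f"{name} = {value}: Security Center alerts for this component are suppressed"))

        # Inbound allow rule for a program living in a temporary or world-writable path.
        elif key_lower.endswith("\\firewallpolicy\\firewallrules"):
            rule = parse_rule(value)
            app = rule.get("app", "").lower()
            if rule.get("dir") == "in" and any(frag in app for frag in SUSPECT_PATH_FRAGMENTS):
                proto = PROTO_NAMES.get(rule.get("protocol", ""), "any")
                findings.append(Finding("firewall", current_key, name,
                                        f"inbound {proto} allow for a program in a temporary location: {app}"))
    return findings


if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f"[{f.category}] {f.name}: {f.detail}")
```

On the sample it reports the stale Symantec monitoring entry and the inbound rule for SymNRT.exe in a temp folder; the EarthLink, eMule and Media Player rules pass the path check and are left to manual review.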

Good afternoon, cris666!

<@> Download: < ComboFix > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

<@> Click OK.

<@> At the prompt "Software warranty disclaimer" --> Click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

<!> If you get the notification "Invalid Win32 application", delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop renamed as: Kombo.exe

<!> PS: Rename it while saving, not after it has been saved!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: In the presence of rootkit activity, the following notification window will appear:

( screenshot: Rookit_found.gif )

<!> PS: Note down those detections and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!


Good afternoon! Here are the reports:

 

ComboFix 09-08-28.06 - Owner 29/08/2009 16:06.1.2 - NTFSx86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1033.18.3062.2606 [GMT -3:00]

Executando de: c:\users\Owner\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-232775485-1230041090-1104653597-500

c:\$recycle.bin\S-1-5-21-242662230-3875772334-1554595176-500

C:\InfoSat.txt

c:\windows\Installer\2fe256.msi

c:\windows\Installer\69b02.msi

c:\windows\system32\KBL.LOG

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-28 to 2009-08-29 ))))))))))))))))))))))))))))

.

 

2009-08-29 01:15 . 2009-08-29 01:17 -------- d-----w- C:\FindyKill

2009-08-29 00:49 . 2009-08-29 01:14 -------- d-----w- c:\program files\FindyKill

2009-08-29 00:45 . 2009-08-29 00:48 1227828 ----a-w- c:\users\Owner\FindyKill.exe

2009-08-29 00:29 . 2009-08-29 00:30 501736 ----a-w- c:\users\Owner\LopSD.exe

2009-08-29 00:26 . 2009-08-29 04:31 -------- d-----w- C:\Lop SD

2009-08-29 00:22 . 2009-08-29 00:22 -------- d-----w- c:\progra~2\NortonInstaller

2009-08-27 23:23 . 2008-06-19 20:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-08-27 20:43 . 2009-08-28 01:27 -------- d-----w- c:\users\Owner\AppData\Local\Adobe

2009-08-27 17:41 . 2009-08-27 18:54 -------- d-----w- c:\users\Owner\.housecall6.6

2009-08-26 13:05 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll

2009-08-26 00:23 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-26 00:23 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-23 19:05 . 2009-08-27 23:23 -------- d-----w- c:\program files\Panda Security

2009-08-23 00:53 . 2009-08-23 00:53 -------- d-----w- c:\progra~2\SiteAdvisor

2009-08-23 00:52 . 2009-08-23 00:52 -------- d-----w- c:\program files\Common Files\McAfee

2009-08-23 00:52 . 2009-08-23 16:10 -------- d-----w- c:\program files\McAfee

2009-08-23 00:52 . 2009-08-23 00:52 -------- d-----w- c:\progra~2\McAfee

2009-08-22 16:24 . 2009-08-22 16:24 -------- d-----w- c:\users\Owner\AppData\Roaming\Foxit

2009-08-22 16:24 . 2009-08-22 16:24 -------- d-----w- c:\program files\Foxit Software

2009-08-22 02:23 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

2009-08-22 02:23 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll

2009-08-22 02:23 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

2009-08-22 02:23 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll

2009-08-22 02:23 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll

2009-08-22 02:23 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-08-22 02:23 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

2009-08-22 02:23 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

2009-08-20 20:38 . 2009-08-20 20:38 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG8

2009-08-12 01:55 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2009-08-12 01:55 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-08-12 01:53 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-08-11 22:07 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-08-11 22:07 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-08-11 22:07 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-08-11 22:07 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-08-11 22:01 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-29 14:27 . 2008-07-26 23:14 6540 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat

2009-08-29 00:25 . 2008-09-16 21:25 -------- d-----w- c:\users\Owner\AppData\Roaming\Orbit

2009-08-29 00:23 . 2008-02-23 08:50 -------- d-----w- c:\progra~2\Symantec

2009-08-29 00:23 . 2008-02-23 08:50 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-27 18:01 . 2008-02-23 10:24 -------- d-----w- c:\program files\Java

2009-08-22 19:02 . 2008-07-26 23:08 -------- d-----w- c:\program files\Electronic Arts

2009-08-13 23:01 . 2008-02-23 09:53 -------- d-----w- c:\progra~2\Microsoft Help

2009-08-12 15:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-07-25 08:23 . 2009-03-15 19:20 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-18 16:06 . 2009-07-29 02:01 827904 ----a-w- c:\windows\system32\wininet.dll

2009-07-18 16:01 . 2009-07-29 02:01 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-07-18 09:46 . 2009-07-29 02:01 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-14 16:08 . 2008-02-23 08:48 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-12 01:50 . 2009-07-12 01:32 -------- d-----w- c:\progra~2\NOS

2009-07-12 01:50 . 2009-07-12 01:32 -------- d-----w- c:\program files\NOS

2009-06-20 21:24 . 2009-06-20 21:24 10134 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2009-06-15 15:24 . 2009-07-15 01:59 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 15:20 . 2009-07-15 01:59 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 15:20 . 2009-07-15 01:59 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-06-15 12:52 . 2009-07-15 01:59 289792 ----a-w- c:\windows\system32\atmfd.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 129560]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

 

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{46406647-2382-4C5C-87AB-5BC87D3A28CF}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{6DA9DFEA-0AB2-459C-A646-158182C75152}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{DAF86E4B-0735-47DC-A5DB-637A88C45C74}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A2100764-A630-4771-8CE4-157B32414391}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{8D404B90-DBB6-4C47-A835-44EFD4C04957}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{AC7D0598-8C3D-4E24-813A-E058A514B547}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{B9BD04B8-8A4E-479F-9B66-3E6E74904126}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{CF346E64-6138-4C33-8090-6208B5A38FD8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{04820B17-7658-4344-A5B7-C41D45EF2E66}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{B4BE955E-960C-4B09-90A5-C11E55463523}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{3233706A-074C-4F28-8665-1BC990A4551C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{ABEB31BB-FFC4-42B9-B066-09C59A411E5F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{664F0F79-8476-42A6-B3AF-003D3834DEC2}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{834D8F8C-8A4E-430F-9588-FDB3C06090DB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{FCE76EB6-72C7-448E-8F05-5635A203EAD5}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{C7072CAC-4481-4A5E-AEAD-D402CDEF5AAB}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{763958AC-26B0-4590-9289-896518A1C8F3}"= UDP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder

"{9DA60304-9ACB-40B3-AF93-70ADA7A4B2F5}"= TCP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder

"TCP Query User{952D6452-2EDF-4CF9-8866-A8388AB64089}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"UDP Query User{4EFC07F4-ECB1-4BCA-8C76-7081C913A1FE}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"TCP Query User{514470E4-7F3C-4C1A-9319-BA62212418A6}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{ED397CBA-705D-4CD4-BE7B-33B27E5CA5EE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{BF542637-3EDE-49CC-B755-C72537E9F425}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{CFD0A06B-F662-4300-B4B4-34E4C81F2F63}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{C729DE13-2C46-4681-B2FC-7BD77BFABC2A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{685B4C90-8C2C-4B64-AD9F-CE95CF82CEB7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{DB39C6BB-E5FB-4D42-A784-AE1001792996}"= UDP:c:\users\Owner\AppData\Local\Temp\7zS3A9F.tmp\SymNRT.exe:Norton Removal Tool

"{15C56B49-E2CD-41FE-ADD8-0261477E4F3D}"= TCP:c:\users\Owner\AppData\Local\Temp\7zS3A9F.tmp\SymNRT.exe:Norton Removal Tool

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

 

S0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [27/08/2009 20:23 28544]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [22/08/2009 21:52 210216]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - ECACHE

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{BD821E18-E4F7-4738-9E37-983FA78A6579}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-RunOnce-<NO NAME> - (no file)

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.freerice.com/index.php

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uInternet Settings,ProxyServer = 139.82.115.10:80

uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-29 16:13

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'Explorer.exe'(1472)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

c:\windows\system32\igfxsrvc.dll

.

Tempo para conclusão: 2009-08-29 16:15

ComboFix-quarantined-files.txt 2009-08-29 19:15

 

Pré-execução: The system cannot find message text for message number 0x2379 in the message file for Application.

Pós execução: 172.254.035.968 bytes free

 

196 --- E O F --- 2009-08-29 00:31

------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:20:26, on 29/08/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18294)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Users\Owner\Desktop\imabunny.exe.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freerice.com/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.82.115.10:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (file missing)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe"

O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"

O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 7692 bytes


Good evening, cris666!

 

<@> Reboot into Safe Mode.

<@> Open HijackThis --> click: Do a system scan only

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.82.115.10:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (file missing)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

 

<@> Check the entries listed above --> click: Fix checked --> Yes!

<@> Reboot into Normal Mode.

<><><><><><><><><><><><>

<@> Select and copy everything inside the Quote area into Notepad.

<@> Save it on the desktop with the name: CFScript.txt

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000000

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

RegLock::

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

File::

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitmxt.dll

Folder::

C:\Program Files\Orbitdownloader

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

(animated demonstration image: 2872959479_997d4500c4_o.gif)

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!
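As an added example (not code from this thread, from HijackThis or from ComboFix), the following Python script applies the same triage criteria the helper used above to a HijackThis log: a ProxyServer value under HKCU, BHOs whose DLL is absent, an empty LinksFolderName, and every entry belonging to the program being removed (Orbit Downloader). It then compares a second log to confirm the flagged entries are gone. The sample log lines are a constructed subset of the logs posted in this thread.

```python
"""Triage HijackThis (Rn/On) entries and verify a cleanup against a second log.

Added example; the sample logs below are a constructed subset of the
logs posted in this thread, not full logs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines from the log posted before the fix.
BEFORE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.82.115.10:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
"""

# Constructed sample: lines from the log posted after running the fix.
AFTER_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
"""

# A HijackThis entry line looks like "R1 - <body>" or "O23 - <body>".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    kind: str  # HijackThis section, e.g. "R1", "O2", "O4"
    body: str  # everything after the "Rn - " / "On - " prefix


def parse_hjt(text: str) -> list[Entry]:
    """Keep only Rn/On entry lines; headers, blanks and the process list are skipped."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def flag_entries(entries: list[Entry],
                 remove_programs: tuple[str, ...] = ("Orbitdownloader",)
                 ) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs that match the helper's fix criteria."""
    flagged: list[tuple[Entry, str]] = []
    for e in entries:
        reason = None
        if e.kind == "R1" and "ProxyServer =" in e.body:
            reason = "proxy server configured under HKCU"
        elif e.kind == "R0" and e.body.endswith("LinksFolderName ="):
            reason = "empty LinksFolderName value"
        elif e.kind == "O2" and ("(no file)" in e.body or "(file missing)" in e.body):
            reason = "BHO registered but its DLL is absent"
        elif any(p.lower() in e.body.lower() for p in remove_programs):
            reason = "belongs to a program being removed"
        if reason:
            flagged.append((e, reason))
    return flagged


def verify_cleanup(before_text: str, after_text: str) -> list[Entry]:
    """Flagged entries from the first log that still appear in the second log."""
    after = {(e.kind, e.body) for e in parse_hjt(after_text)}
    return [e for e, _ in flag_entries(parse_hjt(before_text))
            if (e.kind, e.body) in after]


if __name__ == "__main__":
    for entry, why in flag_entries(parse_hjt(BEFORE_LOG)):
        print(f"{entry.kind}: {why}\n    {entry.body}")
    leftovers = verify_cleanup(BEFORE_LOG, AFTER_LOG)
    print("still present after fix:", leftovers or "none")
```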


Good evening!

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:24:57, on 30/08/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18294)

Boot mode: Safe mode

 

Running processes:

C:\Windows\Explorer.EXE

C:\Users\Owner\Desktop\imabunny.exe.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freerice.com/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe"

O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"

O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 5845 bytes

------------------------

ComboFix 09-08-28.06 - Owner 30/08/2009 20:09.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1033.18.3062.2075 [GMT -3:00]

Executando de: c:\users\Owner\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Owner\Desktop\CFScript.txt

 

FILE ::

"c:\program files\Orbitdownloader\orbitdm.exe"

"c:\program files\Orbitdownloader\orbitmxt.dll"

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-28 to 2009-08-30 ))))))))))))))))))))))))))))

.

 

2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-08-30 04:35 . 2009-08-30 04:35 -------- d-sh--w- C:\found.006

2009-08-29 19:16 . 2009-08-30 23:16 -------- d-----w- c:\users\Owner\AppData\Local\temp

2009-08-29 01:15 . 2009-08-29 01:17 -------- d-----w- C:\FindyKill

2009-08-29 00:49 . 2009-08-29 01:14 -------- d-----w- c:\program files\FindyKill

2009-08-29 00:45 . 2009-08-29 00:48 1227828 ----a-w- c:\users\Owner\FindyKill.exe

2009-08-29 00:29 . 2009-08-29 00:30 501736 ----a-w- c:\users\Owner\LopSD.exe

2009-08-29 00:26 . 2009-08-29 04:31 -------- d-----w- C:\Lop SD

2009-08-29 00:22 . 2009-08-29 00:22 -------- d-----w- c:\progra~2\NortonInstaller

2009-08-27 23:23 . 2008-06-19 20:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-08-27 20:43 . 2009-08-28 01:27 -------- d-----w- c:\users\Owner\AppData\Local\Adobe

2009-08-27 17:41 . 2009-08-27 18:54 -------- d-----w- c:\users\Owner\.housecall6.6

2009-08-26 13:05 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll

2009-08-26 00:23 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-26 00:23 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-23 19:05 . 2009-08-27 23:23 -------- d-----w- c:\program files\Panda Security

2009-08-23 00:53 . 2009-08-23 00:53 -------- d-----w- c:\progra~2\SiteAdvisor

2009-08-23 00:52 . 2009-08-23 00:52 -------- d-----w- c:\program files\Common Files\McAfee

2009-08-23 00:52 . 2009-08-23 16:10 -------- d-----w- c:\program files\McAfee

2009-08-23 00:52 . 2009-08-23 00:52 -------- d-----w- c:\progra~2\McAfee

2009-08-22 16:24 . 2009-08-22 16:24 -------- d-----w- c:\users\Owner\AppData\Roaming\Foxit

2009-08-22 16:24 . 2009-08-22 16:24 -------- d-----w- c:\program files\Foxit Software

2009-08-22 02:23 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

2009-08-22 02:23 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll

2009-08-22 02:23 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

2009-08-22 02:23 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll

2009-08-22 02:23 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll

2009-08-22 02:23 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-08-22 02:23 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

2009-08-22 02:23 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

2009-08-20 20:38 . 2009-08-20 20:38 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG8

2009-08-12 01:55 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2009-08-12 01:55 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

2009-08-12 01:53 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

2009-08-11 22:07 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-08-11 22:07 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-08-11 22:07 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-08-11 22:07 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2009-08-11 22:01 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-30 23:01 . 2008-07-26 23:14 6540 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat

2009-08-29 00:25 . 2008-09-16 21:25 -------- d-----w- c:\users\Owner\AppData\Roaming\Orbit

2009-08-29 00:23 . 2008-02-23 08:50 -------- d-----w- c:\progra~2\Symantec

2009-08-29 00:23 . 2008-02-23 08:50 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-27 18:01 . 2008-02-23 10:24 -------- d-----w- c:\program files\Java

2009-08-22 19:02 . 2008-07-26 23:08 -------- d-----w- c:\program files\Electronic Arts

2009-08-13 23:01 . 2008-02-23 09:53 -------- d-----w- c:\progra~2\Microsoft Help

2009-08-12 15:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-07-25 08:23 . 2009-03-15 19:20 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-18 16:06 . 2009-07-29 02:01 827904 ----a-w- c:\windows\system32\wininet.dll

2009-07-18 16:01 . 2009-07-29 02:01 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-07-18 09:46 . 2009-07-29 02:01 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-14 16:08 . 2008-02-23 08:48 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-12 01:50 . 2009-07-12 01:32 -------- d-----w- c:\progra~2\NOS

2009-07-12 01:50 . 2009-07-12 01:32 -------- d-----w- c:\program files\NOS

2009-06-20 21:24 . 2009-06-20 21:24 10134 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

2009-06-15 15:24 . 2009-07-15 01:59 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 15:20 . 2009-07-15 01:59 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 15:20 . 2009-07-15 01:59 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-06-15 12:52 . 2009-07-15 01:59 289792 ----a-w- c:\windows\system32\atmfd.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 129560]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{46406647-2382-4C5C-87AB-5BC87D3A28CF}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{6DA9DFEA-0AB2-459C-A646-158182C75152}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{DAF86E4B-0735-47DC-A5DB-637A88C45C74}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A2100764-A630-4771-8CE4-157B32414391}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{8D404B90-DBB6-4C47-A835-44EFD4C04957}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{AC7D0598-8C3D-4E24-813A-E058A514B547}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{B9BD04B8-8A4E-479F-9B66-3E6E74904126}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{CF346E64-6138-4C33-8090-6208B5A38FD8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{04820B17-7658-4344-A5B7-C41D45EF2E66}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{B4BE955E-960C-4B09-90A5-C11E55463523}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{3233706A-074C-4F28-8665-1BC990A4551C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{ABEB31BB-FFC4-42B9-B066-09C59A411E5F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{664F0F79-8476-42A6-B3AF-003D3834DEC2}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{834D8F8C-8A4E-430F-9588-FDB3C06090DB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{FCE76EB6-72C7-448E-8F05-5635A203EAD5}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{C7072CAC-4481-4A5E-AEAD-D402CDEF5AAB}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

"{763958AC-26B0-4590-9289-896518A1C8F3}"= UDP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder

"{9DA60304-9ACB-40B3-AF93-70ADA7A4B2F5}"= TCP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder

"TCP Query User{952D6452-2EDF-4CF9-8866-A8388AB64089}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"UDP Query User{4EFC07F4-ECB1-4BCA-8C76-7081C913A1FE}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"TCP Query User{514470E4-7F3C-4C1A-9319-BA62212418A6}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{ED397CBA-705D-4CD4-BE7B-33B27E5CA5EE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{BF542637-3EDE-49CC-B755-C72537E9F425}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{CFD0A06B-F662-4300-B4B4-34E4C81F2F63}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{C729DE13-2C46-4681-B2FC-7BD77BFABC2A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{685B4C90-8C2C-4B64-AD9F-CE95CF82CEB7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{DB39C6BB-E5FB-4D42-A784-AE1001792996}"= UDP:c:\users\Owner\AppData\Local\Temp\7zS3A9F.tmp\SymNRT.exe:Norton Removal Tool

"{15C56B49-E2CD-41FE-ADD8-0261477E4F3D}"= TCP:c:\users\Owner\AppData\Local\Temp\7zS3A9F.tmp\SymNRT.exe:Norton Removal Tool

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

 

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [27/08/2009 20:23 28544]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [22/08/2009 21:52 210216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{BD821E18-E4F7-4738-9E37-983FA78A6579}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.freerice.com/index.php

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-30 20:16

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'Explorer.exe'(3368)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

Tempo para conclusão: 2009-08-30 20:18

ComboFix-quarantined-files.txt 2009-08-30 23:18

ComboFix2.txt 2009-08-29 19:16

 

Pré-execução: 169.065.472.000 bytes free

Pós execução: 169.043.488.768 bytes free

 

170 --- E O F --- 2009-08-29 00:31


Good evening, cris666!

 

<@> Download: < rootRepealDesktopIcon.png >

 

<!> Link-2 < RootRepeal.zip >

<!> Link-3 < RootRepeal.zip >

 

<@> Unzip it to the desktop.

<@> Open the program and click "Report" --> "Scan" < btnScan.png >

 

(screenshot of the scan options: checkBoxes2.png)

 

<@> Check the 7 boxes shown above. --> Click OK.

<@> Next, choose your drive ( C:\ or D:\ ) --> OK.

<@> Start the scan and, when it finishes, click "Save Report" < saveReport.png >

<@> Save it with the name: "RootRepeal.txt" <-- Report!

 

Regards!


Hello! The report is below!

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/31 11:01

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP1

==================================================

 

Drivers

-------------------

Name: dump_iaStor.sys

Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys

Address: 0x82F04000 Size: 815104 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0x812CF000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{76594ed9-95bc-11de-8afa-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{7b2d06b5-9240-11de-8905-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{86452437-8fff-11de-8a70-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{86c24819-90f5-11de-a381-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{98282c4a-9430-11de-9f8c-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{9832db18-8d16-11de-8e2a-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{9d22dfdd-8f41-11de-86b3-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{bc43fa21-8db2-11de-8dcc-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{bf95f3a1-8604-11de-8d45-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{c02f92b2-7bdf-11de-8f68-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{e9437ab8-8db5-11de-a3bc-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ecb90237-8ce0-11de-a2f7-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{ECB90~2

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{f1313f19-8c42-11de-914c-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{f84c3937-8f2b-11de-8960-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{3b045937-8755-11de-a1e7-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{4b7c22a1-8514-11de-8f01-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{509870a1-8360-11de-9067-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{02951b99-8087-11de-8dc4-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{0a555a19-7c5a-11de-8f38-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{2851c4a1-7dea-11de-9e09-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{3761fc3e-9329-11de-b6ab-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{3761fc46-9329-11de-b6ab-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}

Status: Locked to the Windows API!

 

Path: C:\Users\Owner\NetHood

Status: Locked to the Windows API!

 

Path: C:\Users\Owner\PrintHood

Status: Locked to the Windows API!

 

Path: C:\Users\Owner\SendTo

Status: Locked to the Windows API!

 

Path: C:\Users\Owner\Templates

Status: Locked to the Windows API!

 

Path: c:\windows\temp\sqlite_6bdsj56k9gff8to

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\windows\temp\sqlite_9b3u756x0cyqh1a

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\windows\temp\sqlite_bfqcydr3x5vyotc

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\windows\temp\sqlite_lvsza8dwd2hzfbd

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\windows\temp\sqlite_mrbulbe2hhwgqn7

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\windows\temp\sqlite_odbvdhinodlkyay

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\windows\temp\sqlite_slbiylfszklpsws

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\windows\temp\sqlite_wsy1inueoeh2lvp

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: C:\Windows\System32\migration\WININE~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.lsass.exe.01ca234e526862d6.0000

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18000_none_3acd4b177cb513c9\$$DeleteMe.wdigest.dll.01ca234e526f86f6.0003

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18000_none_e6d6dd2bb0cd8ff8\$$DeleteMe.kerberos.dll.01ca234e5271e856.0004

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18000_none_7cb2ecd3628ac318\$$DeleteMe.msv1_0.dll.01ca234e527449b6.0006

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18175_none_21cf9ef255771632\$$DeleteMe.schannel.dll.01ca234e5271e856.0005

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.0.6000.16386_en-us_aba6a9ba9bd9dfc2\wshelper.dll.mui

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\WININE~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WININE~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\WININE~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\WININE~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\WININE~1.DLL

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.lsasrv.dll.01ca234e526ac436.0001

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.lsass.exe.01ca234e526862d6.0000

Status: Locked to the Windows API!

 

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.secur32.dll.01ca234e526d2596.0002

Status: Locked to the Windows API!

 

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Status: Locked to the Windows API!

 

Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

Status: Locked to the Windows API!

 

Path: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report03374394\Report.wer

Status: Visible to the Windows API, but not on disk.

 

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.200.crwl

Status: Allocation size mismatch (API: 280, Raw: 0)

 

Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.200.gthr

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Processes

-------------------

Path: System

PID: 4 Status: Locked to the Windows API!

 

Path: C:\Windows\System32\audiodg.exe

PID: 1188 Status: Locked to the Windows API!

 

==EOF==


Good afternoon! cris666

 

<@> Download: < Win32kDiag.exe >

<@> Save it to the desktop!

<@> Run it and post the report: Win32kDiag.txt <--

<><><><><><><><><><>

<@> Download: < Runscanner v. 1.8.1.0 >

<@> PS: Be careful not to click "Instant Scan".

<@> Save it to Local Disk (C:) or the Desktop.

<@> Unzip it and set aside the executable. ( RunScanner.exe )

<@> Open the program and, with the Expert mode button already checked, click OK.

<@> Close all windows/programs before running this utility.

<@> Run it by clicking Scan computer. --> Wait!

<@> When it finishes, click the menu: "Online analysis" <-- Be online!

<@> The page "online malware analysis report" will open.

<@> Copy the result of this analysis (Report Url:) to your computer. ( report.aspx )

<@> Put it in a zip and place it on the Desktop.

<@> Keep the extension ( .aspx ) when copying it!

<@> If you do not want the online check, save it as a RUN file.

<@> Run it and, when it finishes, click "Save Run File" --> Put it in a zip and place it on the desktop.

<@> Now go to this address: < Badongo >

<@> Upload report.aspx.zip or runscanner.run, which are on the desktop, to that server. <-- Badongo!

<@> Copy the address(es) you are given into this topic. ( Report Url: ) or ( RUN file )

 

Cheers!


Good evening!

 

Badongo link: http://www.badongo.com/file/16921105

 

 

Win32kDiag.txt report:

Log file is located at: C:\Users\Owner\Desktop\Win32kDiag.txt

 

WARNING: Could not get backup privileges!

 

Searching 'C:\Windows'...

 

 

 

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

 

[1] 2009-08-31 13:47:18 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

 

 

 

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

 

[1] 2009-08-31 13:47:27 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

 

 

 

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

 

[1] 2009-08-31 13:47:27 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

 

 

 

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

 

[1] 2009-08-31 13:47:27 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

 

 

 

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

 

[1] 2009-08-31 13:48:30 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()

 

 

 

 

 

Finished!

 

 

Cheers


Good morning! cris666

 

<@> Run RunScanner again.

<@> Right-click the lines highlighted in red.

<@> Click: Mark/unmark item Space

<@> Click the tab: Item fixer --> Fix selected items.

<@> In the message, click OK.

<@> Under Information, confirm!

<@> Click Unrated items so we can confirm the removals that were made.

<@> If you want a deeper cleanup, go to Extra stuff and remove all lines highlighted in red.

<@> When finished, run the tool and post its report. ( Report.txt )

<><><><><><

<@> Download: < Malwarebytes >

 

<@> < Link - 2 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post: mbam-log-2009-xx-xx (00-00-00).txt <--

 

Cheers!


Topic Archived

 

Because the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening it.
